Bug 589819 - [abrt] crash in wpa_supplicant-1:0.6.8-8.fc13: Process /usr/sbin/wpa_supplicant was killed by signal 11 (SIGSEGV)
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: wpa_supplicant
Version: 6.0
Hardware: i686
OS: Linux
Target Milestone: rc
Assignee: Dan Williams
QA Contact: desktop-bugs@redhat.com
Whiteboard: abrt_hash:a2204c74184b289bb94103a1376...
Depends On: 589507
Reported: 2010-05-07 01:17 UTC by Dan Williams
Modified: 2010-11-12 13:44 UTC

Fixed In Version: wpa_supplicant-0.6.8-10.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 589507
Last Closed: 2010-11-12 13:44:45 UTC
Target Upstream Version:


Description Dan Williams 2010-05-07 01:17:47 UTC
+++ This bug was initially created as a clone of Bug #589507 +++

abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -B -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
component: wpa_supplicant
executable: /usr/sbin/wpa_supplicant
global_uuid: a2204c74184b289bb94103a13762bdd2115b01b2
package: wpa_supplicant-1:0.6.8-8.fc13
rating: 3
reason: Process /usr/sbin/wpa_supplicant was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
How to reproduce: I was playing around with NetworkManager and starting and stopping things. But nothing that justifies a sig11.

--- Additional comment from mads@kiilerich.com on 2010-05-06 06:52:34 EDT ---

abrt failed to attach the stacktrace - probably because of bug 589511

[New Thread 28072]
Core was generated by `/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -B -u -f /v'.
Program terminated with signal 11, Segmentation fault.
#0  0x0b000065 in ?? ()

Thread 1 (Thread 28072):
#0  0x0b000065 in ?? ()
No symbol table info available.
#1  0x0807fef3 in wpa_drv_disassociate (eloop_ctx=<value optimized out>, 
    timeout_ctx=<value optimized out>) at wpa_supplicant_i.h:588
No locals.
#2  wpa_disconnect_spam_handle (eloop_ctx=<value optimized out>, 
    timeout_ctx=<value optimized out>) at wpa_supplicant.c:477
        wpa_s = 0x84fe0b8
        bssid = "\377\377\377\377\377\377"
        __FUNCTION__ = "wpa_disconnect_spam_handle"
#3  0x08051ce1 in eloop_run () at ../src/utils/eloop.c:496
        tmp = <value optimized out>
        efds = <value optimized out>
        res = 0
        _tv = {tv_sec = 0, tv_usec = 0}
        now = {sec = 1273136928, usec = 728426}
#4  0x0807fd66 in wpa_supplicant_run (global=<value optimized out>)
    at wpa_supplicant.c:2179
        wpa_s = <value optimized out>
#5  0x08087ace in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:253
        c = <value optimized out>
        i = <value optimized out>
        ifaces = <value optimized out>
        iface = <value optimized out>
        exitcode = <value optimized out>
        params = {daemonize = 1, wait_for_monitor = 0, 
          pid_file = 0x84fb028 "/var/run/wpa_supplicant.pid", 
          wpa_debug_level = 2, wpa_debug_show_keys = 0, 
          wpa_debug_timestamp = 0, ctrl_interface = 0x0, 
          dbus_ctrl_interface = 1, 
          wpa_debug_file_path = 0xbfde4f26 "/var/log/wpa_supplicant.log"}
From        To          Syms Read   Shared Object Library
0x0451fdc0  0x045573f8  Yes         /usr/lib/libssl.so.10
0x0413ee80  0x04221fd8  Yes         /usr/lib/libcrypto.so.10
0x004cba60  0x004cca88  Yes         /lib/libdl.so.2
0x009db220  0x00a07578  Yes         /lib/libdbus-1.so.3
0x004b25e0  0x004be568  Yes         /lib/libpthread.so.0
0x004e8880  0x004ec6b8  Yes         /lib/librt.so.1
0x0030aaa0  0x0042a554  Yes         /lib/libc.so.6
0x04420750  0x044423b8  Yes         /lib/libgssapi_krb5.so.2
0x00d2fe50  0x00d92ea8  Yes         /lib/libkrb5.so.3
0x00d1cd10  0x00d1d938  Yes         /lib/libcom_err.so.2
0x0444f7f0  0x0446a208  Yes         /lib/libk5crypto.so.3
0x00616650  0x00624f58  Yes         /lib/libresolv.so.2
0x004d3620  0x004de8e8  Yes         /lib/libz.so.1
0x002d2830  0x002ea37f  Yes         /lib/ld-linux.so.2
0x00de2c60  0x00de7238  Yes         /lib/libkrb5support.so.0
0x00ddc860  0x00ddcfc8  Yes         /lib/libkeyutils.so.1
0x005f8190  0x006093b8  Yes         /lib/libselinux.so.1
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
eax            0xb000065	184549477
ecx            0x0	0
edx            0x850ed68	139521384
ebx            0x84fe0b8	139452600
esp            0xbfde369c	0xbfde369c
ebp            0xbfde36c8	0xbfde36c8
esi            0x84fddd8	139451864
edi            0x0	0
eip            0xb000065	0xb000065
eflags         0x210206	[ PF IF RF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
No function contains program counter for selected frame.

--- Additional comment from mads@kiilerich.com on 2010-05-06 08:11:44 EDT ---

Package: wpa_supplicant-1:0.6.8-8.fc13
Architecture: i686
OS Release: Fedora release 13 (Goddard)

How to reproduce
I was playing around with NetworkManager and starting and stopping things. But nothing that justifies a sig11.

Comment 1 Dan Williams 2010-05-07 01:19:35 UTC
While the impact of this crash is not huge, this fix is pretty obvious and worth getting into RHEL6 I believe.

Comment 2 Dan Williams 2010-05-07 01:23:58 UTC
Fix is to ensure the timeout gets removed when the interface goes away in wpa_supplicant-0.6.8-handle-driver-disconnect-spam.patch so that it doesn't get fired after the wpa_supplicant structure is deallocated and thus try to access invalid memory.

diff -up wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c.disconnect-spam wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c
--- wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c.disconnect-spam        2010-05-06 18:10:51.340288662 -0700
+++ wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c        2010-05-06 18:12:06.090413976 -0700
@@ -382,6 +382,9 @@ static void wpa_supplicant_cleanup(struc
+       if (eloop_is_timeout_registered(wpa_disconnect_spam_handle, wpa_s, NULL))
+               eloop_cancel_timeout(wpa_disconnect_spam_handle, wpa_s, NULL);
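Review bot: the eloop_cancel_timeout() call added to wpa_supplicant_cleanup() only removes a timeout registered with exactly (wpa_disconnect_spam_handle, wpa_s, NULL), and the registration site is not part of this hunk. Please confirm it passes the same eloop_ctx and a NULL timeout_ctx, otherwise the handler can still fire after wpa_s is freed. The eloop_is_timeout_registered() guard on the line above looks unnecessary if cancelling a timeout that is not registered is a no-op, and a one-line comment stating that this timeout must not outlive wpa_s would keep the call from being dropped in a later cleanup refactor.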

Comment 3 RHEL Program Management 2010-05-07 01:33:42 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for

Comment 6 Dan Williams 2010-07-12 22:20:43 UTC
Requesting exception; fix is easy and low-risk, and has been present in Fedora for quite a while.

Comment 9 Dan Williams 2010-07-14 15:21:06 UTC
Fixed in May

Comment 11 Vladimir Benes 2010-11-12 09:22:58 UTC
cannot see any related crashes any more

Comment 12 releng-rhel@redhat.com 2010-11-12 13:44:45 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
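
The failure and fix described in Comment 2, reduced to a self-contained C example added here for illustration (it is not code from wpa_supplicant or from the patch): a timer table keeps a raw pointer to an interface structure, and cleanup has to cancel the timeout before the structure is freed. All names (`loop_register_timeout`, `loop_cancel_timeout`, `loop_run`, `struct iface`, `demo`) are hypothetical, and the unsafe path only counts the dangling timeout, it never fires it.

```c
#include <stdlib.h>
/* Hypothetical miniature timer loop; not wpa_supplicant's eloop code. */
typedef void (*timeout_fn)(void *ctx);
static struct { timeout_fn fn; void *ctx; int armed; } timeouts[8];
static void loop_register_timeout(timeout_fn fn, void *ctx) {
    for (int i = 0; i < 8; i++)
        if (!timeouts[i].armed) {
            timeouts[i].fn = fn; timeouts[i].ctx = ctx; timeouts[i].armed = 1;
            return;
        }
}
/* Disarm every timeout registered for (fn, ctx); a no-op when none match. */
static void loop_cancel_timeout(timeout_fn fn, void *ctx) {
    for (int i = 0; i < 8; i++)
        if (timeouts[i].armed && timeouts[i].fn == fn && timeouts[i].ctx == ctx)
            timeouts[i].armed = 0;
}
/* Fire and disarm all armed timeouts; returns how many handlers ran. */
static int loop_run(void) {
    int fired = 0;
    for (int i = 0; i < 8; i++)
        if (timeouts[i].armed) {
            timeouts[i].armed = 0;
            timeouts[i].fn(timeouts[i].ctx);
            fired++;
        }
    return fired;
}
struct iface { void (*drv_disassociate)(struct iface *); int disassoc_count; };
static void drv_disassociate(struct iface *s) { s->disassoc_count++; }
/* Timeout handler: makes an indirect call through memory owned by ctx. */
static void disconnect_spam_handle(void *ctx) { struct iface *s = ctx; s->drv_disassociate(s); }
/* Frees s; returns how many armed timeouts still point at it (dangling). */
static int iface_cleanup(struct iface *s, int cancel_first) {
    int dangling = 0;
    if (cancel_first) loop_cancel_timeout(disconnect_spam_handle, s);
    for (int i = 0; i < 8; i++)
        dangling += timeouts[i].armed && timeouts[i].ctx == s;
    free(s);
    return dangling;
}
/* Constructed scenario: arm the timeout, then tear the interface down. */
static int demo(int cancel_first) {
    struct iface *s = calloc(1, sizeof(*s));
    if (!s) return -1;
    for (int i = 0; i < 8; i++) timeouts[i].armed = 0;  /* start from an empty table */
    s->drv_disassociate = drv_disassociate;
    loop_register_timeout(disconnect_spam_handle, s);
    return iface_cleanup(s, cancel_first);
}
```

`demo(0)` reports one timeout still pointing at freed memory, which is the state in which the next loop iteration would jump through a stale function pointer; `demo(1)` reports none, and a following `loop_run()` fires nothing.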
